SERVER-30221 Refactor Restriction/RestrictionSet to allow serialization to BSON

1 files changed, 36 insertions, 19 deletions

diff --git a/src/mongo/db/auth/restriction_set.h b/src/mongo/db/auth/restriction_set.h
index 4bab1db6e83..6e6169efec7 100644
--- a/src/mongo/db/auth/restriction_set.h
+++ b/src/mongo/db/auth/restriction_set.h
@@ -36,7 +36,7 @@
 
 namespace mongo {
 
-namespace detail {
+namespace restriction_detail {
 
 // Represents a set of restrictions, which may be attached to a user or role.
 // This set of restrictions is met by a RestrictionEnvironment, if any restriction
@@ -44,10 +44,7 @@ namespace detail {
 template <typename T,
           template <typename...> class Pointer = std::unique_ptr,
           template <typename...> class Sequence = std::vector>
-class RestrictionSetAny : public Restriction {
-    static_assert(std::is_base_of<Restriction, T>::value,
-                  "RestrictionSets must contain restrictions");
-
+class RestrictionSetAny : public UnnamedRestriction {
 public:
     using element_type = T;
     using pointer_type = Pointer<element_type>;
@@ -76,8 +73,20 @@ public:
                       str::stream() << "No member restriction in '" << *this << "' met");
     }
 
+    void appendToBuilder(BSONArrayBuilder* builder) const final {
+        builder->append(toBSON());
+    }
+
+    typename T::serialization_type::bson_type toBSON() const {
+        typename T::serialization_type::bson_builder_type builder;
+        for (const auto& r : _restrictions) {
+            r->appendToBuilder(&builder);
+        }
+        return T::serialization_type::finalize(&builder);
+    }
+
 private:
-    void serialize(std::ostream& os) const override final {
+    void serialize(std::ostream& os) const final {
         os << "{anyOf: [";
         for (const pointer_type& restriction : _restrictions) {
             if (restriction.get() != _restrictions.front().get()) {
@@ -96,10 +105,7 @@ private:
 template <typename T,
           template <typename...> class Pointer = std::unique_ptr,
           template <typename...> class Sequence = std::vector>
-class RestrictionSetAll : public Restriction {
-    static_assert(std::is_base_of<Restriction, T>::value,
-                  "RestrictionSets must contain restrictions");
-
+class RestrictionSetAll : public UnnamedRestriction {
 public:
     using element_type = T;
     using pointer_type = Pointer<element_type>;
@@ -114,10 +120,8 @@ public:
         _restrictions.push_back(std::move(restriction));
     }
 
-    template <typename R>
-    explicit RestrictionSetAll(const R& restriction) {
-        static_assert(std::is_base_of<Restriction, R>::value, "Must pass a Restriction type.");
-        _restrictions.push_back(stdx::make_unique<R>(restriction));
+    explicit RestrictionSetAll(const T& restriction) {
+        _restrictions.push_back(stdx::make_unique<T>(restriction));
     }
 
     Status validate(const RestrictionEnvironment& environment) const final {
@@ -132,6 +136,18 @@ public:
         return Status::OK();
     }
 
+    void appendToBuilder(BSONArrayBuilder* builder) const final {
+        builder->append(toBSON());
+    }
+
+    typename T::serialization_type::bson_type toBSON() const {
+        typename T::serialization_type::bson_builder_type builder;
+        for (const auto& r : _restrictions) {
+            r->appendToBuilder(&builder);
+        }
+        return T::serialization_type::finalize(&builder);
+    }
+
 private:
     void serialize(std::ostream& os) const final {
         os << "{allOf: [";
@@ -146,7 +162,7 @@ private:
 
     sequence_type _restrictions;
 };
-}  // namespace detail
+}  // namespace restriction_detail
 
 // Users and roles may have a set of sets of restrictions. The set of set of restrictions is met if
 // any of the sets are met. The sets are met if all of their restrictions are met.
@@ -155,16 +171,17 @@ private:
 // be met.
 template <template <typename...> class Pointer = std::unique_ptr,
           template <typename...> class Sequence = std::vector>
-using RestrictionSet = detail::RestrictionSetAll<Restriction, Pointer, Sequence>;
+using RestrictionSet = restriction_detail::RestrictionSetAll<NamedRestriction, Pointer, Sequence>;
 template <template <typename...> class Pointer = std::unique_ptr,
           template <typename...> class Sequence = std::vector>
-using RestrictionDocument = detail::RestrictionSetAny<RestrictionSet<>, Pointer, Sequence>;
+using RestrictionDocument =
+    restriction_detail::RestrictionSetAny<RestrictionSet<>, Pointer, Sequence>;
 template <template <typename...> class Pointer = std::unique_ptr,
           template <typename...> class Sequence = std::vector>
 using RestrictionDocumentsSequence =
-    detail::RestrictionSetAll<RestrictionDocument<>, Pointer, Sequence>;
+    restriction_detail::RestrictionSetAll<RestrictionDocument<>, Pointer, Sequence>;
 
 using SharedRestrictionDocument = std::shared_ptr<RestrictionDocument<>>;
-using RestrictionDocuments = RestrictionDocumentsSequence<std::shared_ptr, std::vector>;
+using RestrictionDocuments = RestrictionDocumentsSequence<std::shared_ptr>;
 
 }  // namespace mongo